New Developments – Cyber Law Watch

Tennessee Moves First on AI Protections With ELVIS Act

Mar 22 2024

By Jason W. Callen and Christopher J. Valente

On 21 March 2024, Tennessee became the first state in the United States to prohibit unauthorized use of artificial intelligence (AI) to replicate an individual’s likeness, image, and voice when its governor signed the Ensuring Likeness, Voice and Image Security Act of 2024 (ELVIS Act). The protections in the ELVIS Act for a person’s voice from AI misuse is particularly notable. Tennessee, like other states, already had prohibitions on unauthorized use of an individual’s likeness and image. And while some other states, such as California, have also protected a person’s voice, none had expressly linked all three—likeness, image, and voice—to AI.

Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

Feb 26 2024

By Paul Haswell and Sarah Kwong

In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).

Provisional Political Agreement on Landmark AI Regulation in Europe

Dec 14 2023

By Giovanni Campi, Petr Bartoš, and Kathleen Keating

In a landmark development, EU lawmakers reached on 8 December 2023 a provisional political agreement on the Artificial Intelligence Act (AI Act). Once adopted, this regulation will be the first of its kind, and could set a global standard for AI laws around the world.

China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow

Oct 05 2023

By Amigo L. Xie and Dan Wu

On 28 September 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Facilitating Cross-Border Data Flow (in Chinese) for a public comment period ending on 15 October 2023.¹

Jul 10 2023

By Amigo L. Xie, Lingjun Zhang, and Dan Wu

About four months after the Cyberspace Administration of China (CAC) released the Measures for the Standard Contract for the Export of Personal Data from China (China SCC Measures), and 15 working days after the China SCC Measures became effective, Beijing CAC published a notice announcing that a Beijing-based company passed the first-ever China SCC filing on 25 June 2023 (Notice).

Based on the Notice, the first China SCC filing relates to a cross-border personal data transfer from a Beijing-based data exporter, an online data service provider, to a Hong Kong-based data recipient. The type of data exported by the Beijing-based data exporter is personal data related to credit references as disclosed by the Notice.

The completion of the first-ever China SCC filing conveyed some positive messages to the market:

Jul 06 2023

By Yuki Sako and Aiko Yamada

Following the call for international standards on Artificial Intelligence (AI) at the recent G7 summit, on 2 June 2023, in a rare move, Japan’s Personal Information Protection Commission (PPC) issued two warnings in a publicly released letter (the “Letter”):

Firstly to the three categories of users of generative AI services, i.e.,
- business operators who collect personal information and thus are subject to the Act on the Protection of Personal Information of Japan (APPI);
- government agencies, which may adopt generative AI services into their operations; and
- the general public; and
Secondly to the “ChatGPT” developers/publishers.

Jun 22 2023

By Cameron Abbott, Daniel Knight, Rob Pulham, Stephanie Mayhew, and Dadar Ahmadi-Pirshahid

Amid the rapid acceleration of tools like ChatGPT and global calls for tailored regulation of artificial intelligence tools, the Australia Federal Government has released a discussion paper on the safe and responsible use of AI. The Government is consulting on what safeguards are needed to ensure Australia has an appropriate regulatory and governance framework to manage the potential risks, while continuing to encourage uptake of innovative technologies.

Mar 05 2023

By Cameron Abbott, Rob Pulham and Dadar Ahmadi-Pirshahid

Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030“. This would seem to be a rather aspirational target!

The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur.

Dec 14 2022

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

As of yesterday, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Privacy Enforcement Act) is now in effect after receiving Royal Assent on 12 December 2022.

As we have previously shared, the Privacy Enforcement Act increases the maximum penalties for serious or repeated privacy breaches. For body corporates/organisations this increases the penalty from the current $2.22 million to whichever is the greater of:

Nov 25 2022

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

We’ve just returned from the annual iapp Australia/New Zealand privacy conference held in Sydney this week, and it was a whirlwind. Even if you’re not one of around half of Australians affected by two of the biggest data breaches in our recent history, you’ll be aware a lot is changing – and a lot more is poised to change – in this space.

We’ll be blogging over the coming weeks about some of the key themes and changes your organisation will need to prepare for, including:

– new regulatory enforcement tools

– higher expectations of the way personal information is collected and secured, and when it needs to be destroyed

– potential removal of key exemptions such as the employee records exemption that your business may currently rely on,

– and of course the major penalty increases that seek to deter privacy breaches being viewed as ‘the cost of doing business’,

as Australia tightens the protections around the collection and use of Australians’ personal information.

Stay tuned!

Catagory:New Developments

Tennessee Moves First on AI Protections With ELVIS Act

Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

Provisional Political Agreement on Landmark AI Regulation in Europe

China Will Issue Safe Harbor Rules to Facilitate Cross-Border Data Flow

Beijing CAC Approved the First China SCC Filing

Japanese Privacy Regulator Cautioned Businesses regarding Issues Relating to Generative AI Services

Australian Government contemplates Asimov’s Omnibus

Australia to be the most cyber secure nation?

New Privacy Enforcement Act commences in Australia

Update from the Australia/New Zealand privacy conference and the changes to Australian privacy and cybersecurity laws